If the end points are not secure, it does not matter how pretty the code is or how strong the cryptographic primitives are. So what is the use of pretending to offer people real privacy?
These people need to start over and get away from the iPhone and from Android as the places to encrypt and decrypt.
Yes, Signal has done impressive work, they have been repeatedly recommended by Snowden, and we even hear, from illegally disclosed NSA documents, that the NSA regarded Signal as a major threat in 2012. From those same documents we learned that TAILS, TOR, and TrueCrypt were regarded as even more dangerous, as catastrophic. So why the difference in threat level? What is the difference between “major threat” and “catastrophic”? Isn’t it reasonable to guess that it’s the difference between subvertible and we-can’t-own-it? In other words, if it were an inaccessible system to the U.S. in its actual employment, I think we would be hearing the FBI scream.
Saliva-inducing code and hard encryption do not matter if the end points are compromised or accessible. The world has been flooded with classified documents from several countries–we do not know whether any of them are real, by the way–but taking them as genuine we get a sudden realization about the importance of end points.
What can a business negotiator, politician, clergyman, lawyer, journalist, or whistleblower do? If you want to be secure you must start offline and encrypt there. Encryption works, that is the good news–if it is properly employed.